STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-6881r1_rule
V-2256
WG280
WG280
CAT II
10
The site needs to ensure that the owner should be the non-privileged web server account or equivalent which runs the web service; however, the group permissions represent those of the user accessing the web site that must execute the directives in .htacces.
If .htaccess or the .htaccess.html files are in use, the SA or Web Manager account may have Full Control, the non-privileged web server account running the web service should have read and execute permissions.
Right click the .htaccess.html file, if present. Select the Properties window, select the Security tab. Examine the access rights for the file. The SA or Web Manager account should have Full Control, the account running the web service should have read and execute permissions.
If entries other than Administrators, the Web Manager accounts, or System for any degree of access are present, this is a finding.
V-2256
False
WG280
If .htaccess or the .htaccess.html files are in use, the SA or Web Manager account may have Full Control, the non-privileged web server account running the web service should have read and execute permissions.
Right click the .htaccess.html file, if present. Select the Properties window, select the Security tab. Examine the access rights for the file. The SA or Web Manager account should have Full Control, the account running the web service should have read and execute permissions.
If entries other than Administrators, the Web Manager accounts, or System for any degree of access are present, this is a finding.
M
Web Administrator
158